From 6a66f572039ea9193b2c4882943ab3a94ed3f844 Mon Sep 17 00:00:00 2001 From: Kevin Ingersoll Date: Thu, 15 Aug 2024 11:25:14 +0100 Subject: [PATCH] refactor(world): make AccessControl lib usable outside of world package (#3034) --- .changeset/quick-fans-jog.md | 7 ++ .../reference/internal/access-control.mdx | 79 +++++++++++++++++++ .../src/MetadataModule.sol | 4 +- .../src/MetadataSystem.sol | 11 +-- packages/world-module-metadata/src/common.sol | 60 -------------- .../src/modules/erc20-puppet/ERC20System.sol | 4 +- .../modules/erc721-puppet/ERC721System.sol | 4 +- .../modules/puppet/PuppetFactorySystem.sol | 5 +- .../src/utils/AccessControlLib.sol | 55 ------------- packages/world/gas-report.json | 14 ++-- packages/world/src/AccessControl.sol | 54 ++++++++++++- packages/world/src/SystemCall.sol | 2 +- packages/world/src/World.sol | 22 +++--- packages/world/src/WorldProxy.sol | 2 +- .../AccessManagementSystem.sol | 14 ++-- .../implementations/BalanceTransferSystem.sol | 6 +- .../StoreRegistrationSystem.sol | 10 +-- .../WorldRegistrationSystem.sol | 24 +++--- 18 files changed, 200 insertions(+), 177 deletions(-) create mode 100644 .changeset/quick-fans-jog.md delete mode 100644 packages/world-module-metadata/src/common.sol delete mode 100644 packages/world-modules/src/utils/AccessControlLib.sol diff --git a/.changeset/quick-fans-jog.md b/.changeset/quick-fans-jog.md new file mode 100644 index 0000000000..9574926cf8 --- /dev/null +++ b/.changeset/quick-fans-jog.md @@ -0,0 +1,7 @@ +--- +"@latticexyz/world-module-metadata": patch +"@latticexyz/world-modules": patch +"@latticexyz/world": patch +--- + +Refactored `AccessControl` library exported from `@latticexyz/world` to be usable outside of the world package and updated module packages to use it. diff --git a/docs/pages/world/reference/internal/access-control.mdx b/docs/pages/world/reference/internal/access-control.mdx index fc68e20652..963f8bda0f 100644 --- a/docs/pages/world/reference/internal/access-control.mdx +++ b/docs/pages/world/reference/internal/access-control.mdx @@ -29,6 +29,29 @@ function hasAccess(ResourceId resourceId, address caller) internal view returns | -------- | ------ | ----------------------------------------------- | | `` | `bool` | true if the caller has access, false otherwise. | +#### \_hasAccess + +Checks if the caller has access to the given resource ID or its namespace. + +_This bypasses StoreSwitch and assumes its being called within the Store, saving gas for known call contexts._ + +```solidity +function _hasAccess(ResourceId resourceId, address caller) internal view returns (bool); +``` + +**Parameters** + +| Name | Type | Description | +| ------------ | ------------ | ------------------------------------ | +| `resourceId` | `ResourceId` | The resource ID to check access for. | +| `caller` | `address` | The address of the caller. | + +**Returns** + +| Name | Type | Description | +| -------- | ------ | ----------------------------------------------- | +| `` | `bool` | true if the caller has access, false otherwise. | + #### requireAccess Check for access at the given namespace or resource. @@ -46,6 +69,25 @@ function requireAccess(ResourceId resourceId, address caller) internal view; | `resourceId` | `ResourceId` | The resource ID to check access for. | | `caller` | `address` | The address of the caller. | +#### \_requireAccess + +Check for access at the given namespace or resource. + +_Reverts with IWorldErrors.World_AccessDenied if access is denied._ + +_This bypasses StoreSwitch and assumes its being called within the Store, saving gas for known call contexts._ + +```solidity +function _requireAccess(ResourceId resourceId, address caller) internal view; +``` + +**Parameters** + +| Name | Type | Description | +| ------------ | ------------ | ------------------------------------ | +| `resourceId` | `ResourceId` | The resource ID to check access for. | +| `caller` | `address` | The address of the caller. | + #### requireOwner Check for ownership of the namespace of the given resource ID. @@ -63,6 +105,25 @@ function requireOwner(ResourceId resourceId, address caller) internal view; | `resourceId` | `ResourceId` | The resource ID to check ownership for. | | `caller` | `address` | The address of the caller. | +#### \_requireOwner + +Check for ownership of the namespace of the given resource ID. + +_Reverts with IWorldErrors.World_AccessDenied if caller is not owner of the namespace of the resource._ + +_This bypasses StoreSwitch and assumes its being called within the Store, saving gas for known call contexts._ + +```solidity +function _requireOwner(ResourceId resourceId, address caller) internal view; +``` + +**Parameters** + +| Name | Type | Description | +| ------------ | ------------ | --------------------------------------- | +| `resourceId` | `ResourceId` | The resource ID to check ownership for. | +| `caller` | `address` | The address of the caller. | + #### requireExistence Check for existence of the given resource ID. @@ -78,3 +139,21 @@ function requireExistence(ResourceId resourceId) internal view; | Name | Type | Description | | ------------ | ------------ | --------------------------------------- | | `resourceId` | `ResourceId` | The resource ID to check existence for. | + +#### \_requireExistence + +Check for existence of the given resource ID. + +_Reverts with IWorldErrors.World_ResourceNotFound if the resource does not exist._ + +_This bypasses StoreSwitch and assumes its being called within the Store, saving gas for known call contexts._ + +```solidity +function _requireExistence(ResourceId resourceId) internal view; +``` + +**Parameters** + +| Name | Type | Description | +| ------------ | ------------ | --------------------------------------- | +| `resourceId` | `ResourceId` | The resource ID to check existence for. | diff --git a/packages/world-module-metadata/src/MetadataModule.sol b/packages/world-module-metadata/src/MetadataModule.sol index 67cae69e85..7500c918fd 100644 --- a/packages/world-module-metadata/src/MetadataModule.sol +++ b/packages/world-module-metadata/src/MetadataModule.sol @@ -3,7 +3,7 @@ pragma solidity >=0.8.24; import { IBaseWorld } from "@latticexyz/world/src/codegen/interfaces/IBaseWorld.sol"; import { Module } from "@latticexyz/world/src/Module.sol"; -import { requireOwner } from "./common.sol"; +import { AccessControl } from "@latticexyz/world/src/AccessControl.sol"; import { ResourceId, WorldResourceIdLib, WorldResourceIdInstance } from "@latticexyz/world/src/WorldResourceId.sol"; import { ResourceIds } from "@latticexyz/store/src/codegen/tables/ResourceIds.sol"; import { RESOURCE_SYSTEM } from "@latticexyz/world/src/worldResourceTypes.sol"; @@ -33,7 +33,7 @@ contract MetadataModule is Module { if (!ResourceIds.getExists(namespace)) { world.registerNamespace(namespace); } - requireOwner(namespace, address(this)); + AccessControl.requireOwner(namespace, address(this)); if (!ResourceIds.getExists(ResourceTag._tableId)) { ResourceTag.register(); diff --git a/packages/world-module-metadata/src/MetadataSystem.sol b/packages/world-module-metadata/src/MetadataSystem.sol index 090fec2d54..17a48b85d5 100644 --- a/packages/world-module-metadata/src/MetadataSystem.sol +++ b/packages/world-module-metadata/src/MetadataSystem.sol @@ -3,7 +3,8 @@ pragma solidity >=0.8.24; import { ResourceId } from "@latticexyz/store/src/ResourceId.sol"; import { System } from "@latticexyz/world/src/System.sol"; -import { requireExistence, requireOwner } from "./common.sol"; +import { AccessControl } from "@latticexyz/world/src/AccessControl.sol"; + import { ResourceTag } from "./codegen/tables/ResourceTag.sol"; contract MetadataSystem is System { @@ -12,14 +13,14 @@ contract MetadataSystem is System { } function setResourceTag(ResourceId resource, bytes32 tag, bytes memory value) public { - requireExistence(resource); - requireOwner(resource, _msgSender()); + AccessControl.requireExistence(resource); + AccessControl.requireOwner(resource, _msgSender()); ResourceTag.set(resource, tag, value); } function deleteResourceTag(ResourceId resource, bytes32 tag) public { - requireExistence(resource); - requireOwner(resource, _msgSender()); + AccessControl.requireExistence(resource); + AccessControl.requireOwner(resource, _msgSender()); ResourceTag.deleteRecord(resource, tag); } } diff --git a/packages/world-module-metadata/src/common.sol b/packages/world-module-metadata/src/common.sol deleted file mode 100644 index 193c9c39ac..0000000000 --- a/packages/world-module-metadata/src/common.sol +++ /dev/null @@ -1,60 +0,0 @@ -// SPDX-License-Identifier: MIT -pragma solidity >=0.8.24; - -import { ResourceId, WorldResourceIdInstance } from "@latticexyz/world/src/WorldResourceId.sol"; -import { IWorldErrors } from "@latticexyz/world/src/IWorldErrors.sol"; -import { ResourceAccess } from "@latticexyz/world/src/codegen/tables/ResourceAccess.sol"; -import { NamespaceOwner } from "@latticexyz/world/src/codegen/tables/NamespaceOwner.sol"; -import { ResourceIds } from "@latticexyz/store/src/codegen/tables/ResourceIds.sol"; - -using WorldResourceIdInstance for ResourceId; - -// TODO: move these to world - -/** - * @notice Checks if the caller has access to the given resource ID or its namespace. - * @param resourceId The resource ID to check access for. - * @param caller The address of the caller. - * @return true if the caller has access, false otherwise. - */ -function hasAccess(ResourceId resourceId, address caller) view returns (bool) { - return - // First check access based on the namespace. If caller has no namespace access, check access on the resource. - ResourceAccess.get(resourceId.getNamespaceId(), caller) || ResourceAccess.get(resourceId, caller); -} - -/** - * @notice Check for access at the given namespace or resource. - * @param resourceId The resource ID to check access for. - * @param caller The address of the caller. - * @dev Reverts with IWorldErrors.World_AccessDenied if access is denied. - */ -function requireAccess(ResourceId resourceId, address caller) view { - // Check if the given caller has access to the given namespace or name - if (!hasAccess(resourceId, caller)) { - revert IWorldErrors.World_AccessDenied(resourceId.toString(), caller); - } -} - -/** - * @notice Check for ownership of the namespace of the given resource ID. - * @dev Reverts with IWorldErrors.World_AccessDenied if caller is not owner of the namespace of the resource. - * @param resourceId The resource ID to check ownership for. - * @param caller The address of the caller. - */ -function requireOwner(ResourceId resourceId, address caller) view { - if (NamespaceOwner.get(resourceId.getNamespaceId()) != caller) { - revert IWorldErrors.World_AccessDenied(resourceId.toString(), caller); - } -} - -/** - * @notice Check for existence of the given resource ID. - * @dev Reverts with IWorldErrors.World_ResourceNotFound if the resource does not exist. - * @param resourceId The resource ID to check existence for. - */ -function requireExistence(ResourceId resourceId) view { - if (!ResourceIds.getExists(resourceId)) { - revert IWorldErrors.World_ResourceNotFound(resourceId, resourceId.toString()); - } -} diff --git a/packages/world-modules/src/modules/erc20-puppet/ERC20System.sol b/packages/world-modules/src/modules/erc20-puppet/ERC20System.sol index c28d5cedb4..ce751d113a 100644 --- a/packages/world-modules/src/modules/erc20-puppet/ERC20System.sol +++ b/packages/world-modules/src/modules/erc20-puppet/ERC20System.sol @@ -6,8 +6,8 @@ import { System } from "@latticexyz/world/src/System.sol"; import { WorldResourceIdInstance } from "@latticexyz/world/src/WorldResourceId.sol"; import { NamespaceOwner } from "@latticexyz/world/src/codegen/tables/NamespaceOwner.sol"; import { SystemRegistry } from "@latticexyz/world/src/codegen/tables/SystemRegistry.sol"; +import { AccessControl } from "@latticexyz/world/src/AccessControl.sol"; -import { AccessControlLib } from "../../utils/AccessControlLib.sol"; import { PuppetMaster } from "../puppet/PuppetMaster.sol"; import { toTopic } from "../puppet/utils.sol"; import { Balances } from "../tokens/tables/Balances.sol"; @@ -281,6 +281,6 @@ contract ERC20System is System, IERC20Mintable, PuppetMaster { } function _requireOwner() internal view { - AccessControlLib.requireOwner(SystemRegistry.get(address(this)), _msgSender()); + AccessControl.requireOwner(SystemRegistry.get(address(this)), _msgSender()); } } diff --git a/packages/world-modules/src/modules/erc721-puppet/ERC721System.sol b/packages/world-modules/src/modules/erc721-puppet/ERC721System.sol index bb8c58f16a..404009708d 100644 --- a/packages/world-modules/src/modules/erc721-puppet/ERC721System.sol +++ b/packages/world-modules/src/modules/erc721-puppet/ERC721System.sol @@ -5,8 +5,8 @@ import { ResourceId } from "@latticexyz/store/src/ResourceId.sol"; import { System } from "@latticexyz/world/src/System.sol"; import { WorldResourceIdInstance } from "@latticexyz/world/src/WorldResourceId.sol"; import { SystemRegistry } from "@latticexyz/world/src/codegen/tables/SystemRegistry.sol"; +import { AccessControl } from "@latticexyz/world/src/AccessControl.sol"; -import { AccessControlLib } from "../../utils/AccessControlLib.sol"; import { PuppetMaster } from "../puppet/PuppetMaster.sol"; import { toTopic } from "../puppet/utils.sol"; import { Balances } from "../tokens/tables/Balances.sol"; @@ -526,6 +526,6 @@ contract ERC721System is IERC721Mintable, System, PuppetMaster { } function _requireOwner() internal view { - AccessControlLib.requireOwner(SystemRegistry.get(address(this)), _msgSender()); + AccessControl.requireOwner(SystemRegistry.get(address(this)), _msgSender()); } } diff --git a/packages/world-modules/src/modules/puppet/PuppetFactorySystem.sol b/packages/world-modules/src/modules/puppet/PuppetFactorySystem.sol index c394d7e0ac..2754dd6f9b 100644 --- a/packages/world-modules/src/modules/puppet/PuppetFactorySystem.sol +++ b/packages/world-modules/src/modules/puppet/PuppetFactorySystem.sol @@ -4,8 +4,7 @@ pragma solidity >=0.8.24; import { ResourceId } from "@latticexyz/store/src/ResourceId.sol"; import { System } from "@latticexyz/world/src/System.sol"; import { IBaseWorld } from "@latticexyz/world/src/codegen/interfaces/IBaseWorld.sol"; - -import { AccessControlLib } from "../../utils/AccessControlLib.sol"; +import { AccessControl } from "@latticexyz/world/src/AccessControl.sol"; import { PuppetRegistry } from "./tables/PuppetRegistry.sol"; import { Puppet } from "./Puppet.sol"; @@ -14,7 +13,7 @@ import { PUPPET_TABLE_ID } from "./constants.sol"; contract PuppetFactorySystem is System { function createPuppet(ResourceId systemId) public returns (address puppet) { // Only the owner of a system can create a puppet for it - AccessControlLib.requireOwner(systemId, _msgSender()); + AccessControl.requireOwner(systemId, _msgSender()); // Deploy a new puppet contract puppet = address(new Puppet(IBaseWorld(_world()), systemId)); diff --git a/packages/world-modules/src/utils/AccessControlLib.sol b/packages/world-modules/src/utils/AccessControlLib.sol deleted file mode 100644 index 798f1e80e1..0000000000 --- a/packages/world-modules/src/utils/AccessControlLib.sol +++ /dev/null @@ -1,55 +0,0 @@ -// SPDX-License-Identifier: MIT -pragma solidity >=0.8.24; - -import { ResourceId, WorldResourceIdInstance } from "@latticexyz/world/src/WorldResourceId.sol"; -import { IWorldErrors } from "@latticexyz/world/src/IWorldErrors.sol"; -import { ResourceAccess } from "@latticexyz/world/src/codegen/tables/ResourceAccess.sol"; -import { NamespaceOwner } from "@latticexyz/world/src/codegen/tables/NamespaceOwner.sol"; - -/** - * @title AccessControlLib - * @author MUD (https://mud.dev) by Lattice (https://lattice.xyz) - * @dev Provides access control functions for checking permissions and ownership within a namespace. - * This library is functionally equivalent with the AccessControl library from world, - * but uses StoreSwitch instead of always reading from own storage. - */ -library AccessControlLib { - using WorldResourceIdInstance for ResourceId; - - /** - * @notice Checks if the caller has access to the given resource ID or its namespace. - * @param resourceId The resource ID to check access for. - * @param caller The address of the caller. - * @return true if the caller has access, false otherwise. - */ - function hasAccess(ResourceId resourceId, address caller) internal view returns (bool) { - return - // First check access based on the namespace. If caller has no namespace access, check access on the resource. - ResourceAccess.get(resourceId.getNamespaceId(), caller) || ResourceAccess.get(resourceId, caller); - } - - /** - * @notice Check for access at the given namespace or resource. - * @param resourceId The resource ID to check access for. - * @param caller The address of the caller. - * @dev Reverts with IWorldErrors.World_AccessDenied if access is denied. - */ - function requireAccess(ResourceId resourceId, address caller) internal view { - // Check if the given caller has access to the given namespace or name - if (!hasAccess(resourceId, caller)) { - revert IWorldErrors.World_AccessDenied(resourceId.toString(), caller); - } - } - - /** - * @notice Check for ownership of the namespace of the given resource ID. - * @dev Reverts with IWorldErrors.World_AccessDenied if caller is not owner of the namespace of the resource. - * @param resourceId The resource ID to check ownership for. - * @param caller The address of the caller. - */ - function requireOwner(ResourceId resourceId, address caller) internal view { - if (NamespaceOwner.get(resourceId.getNamespaceId()) != caller) { - revert IWorldErrors.World_AccessDenied(resourceId.toString(), caller); - } - } -} diff --git a/packages/world/gas-report.json b/packages/world/gas-report.json index d2da0ab8d7..8955efa3e6 100644 --- a/packages/world/gas-report.json +++ b/packages/world/gas-report.json @@ -3,43 +3,43 @@ "file": "test/AccessControl.t.sol", "test": "testAccessControl", "name": "AccessControl: hasAccess (cold)", - "gasUsed": 6521 + "gasUsed": 9111 }, { "file": "test/AccessControl.t.sol", "test": "testAccessControl", "name": "AccessControl: hasAccess (warm, namespace only)", - "gasUsed": 1300 + "gasUsed": 1595 }, { "file": "test/AccessControl.t.sol", "test": "testAccessControl", "name": "AccessControl: hasAccess (warm)", - "gasUsed": 2527 + "gasUsed": 3117 }, { "file": "test/AccessControl.t.sol", "test": "testRequireAccess", "name": "AccessControl: requireAccess (cold)", - "gasUsed": 6564 + "gasUsed": 9154 }, { "file": "test/AccessControl.t.sol", "test": "testRequireAccess", "name": "AccessControl: requireAccess (warm)", - "gasUsed": 2566 + "gasUsed": 3156 }, { "file": "test/AccessControl.t.sol", "test": "testRequireOwner", "name": "AccessControl: requireOwner (cold)", - "gasUsed": 3106 + "gasUsed": 5401 }, { "file": "test/AccessControl.t.sol", "test": "testRequireOwner", "name": "AccessControl: requireOwner (warm)", - "gasUsed": 1107 + "gasUsed": 1402 }, { "file": "test/BatchCall.t.sol", diff --git a/packages/world/src/AccessControl.sol b/packages/world/src/AccessControl.sol index 716a7f4270..f89c3f1fee 100644 --- a/packages/world/src/AccessControl.sol +++ b/packages/world/src/AccessControl.sol @@ -24,6 +24,19 @@ library AccessControl { * @return true if the caller has access, false otherwise. */ function hasAccess(ResourceId resourceId, address caller) internal view returns (bool) { + return + // First check access based on the namespace. If caller has no namespace access, check access on the resource. + ResourceAccess.get(resourceId.getNamespaceId(), caller) || ResourceAccess.get(resourceId, caller); + } + + /** + * @notice Checks if the caller has access to the given resource ID or its namespace. + * @dev This bypasses StoreSwitch and assumes its being called within the Store, saving gas for known call contexts. + * @param resourceId The resource ID to check access for. + * @param caller The address of the caller. + * @return true if the caller has access, false otherwise. + */ + function _hasAccess(ResourceId resourceId, address caller) internal view returns (bool) { return // First check access based on the namespace. If caller has no namespace access, check access on the resource. ResourceAccess._get(resourceId.getNamespaceId(), caller) || ResourceAccess._get(resourceId, caller); @@ -31,9 +44,9 @@ library AccessControl { /** * @notice Check for access at the given namespace or resource. + * @dev Reverts with IWorldErrors.World_AccessDenied if access is denied. * @param resourceId The resource ID to check access for. * @param caller The address of the caller. - * @dev Reverts with IWorldErrors.World_AccessDenied if access is denied. */ function requireAccess(ResourceId resourceId, address caller) internal view { // Check if the given caller has access to the given namespace or name @@ -42,6 +55,20 @@ library AccessControl { } } + /** + * @notice Check for access at the given namespace or resource. + * @dev Reverts with IWorldErrors.World_AccessDenied if access is denied. + * @dev This bypasses StoreSwitch and assumes its being called within the Store, saving gas for known call contexts. + * @param resourceId The resource ID to check access for. + * @param caller The address of the caller. + */ + function _requireAccess(ResourceId resourceId, address caller) internal view { + // Check if the given caller has access to the given namespace or name + if (!_hasAccess(resourceId, caller)) { + revert IWorldErrors.World_AccessDenied(resourceId.toString(), caller); + } + } + /** * @notice Check for ownership of the namespace of the given resource ID. * @dev Reverts with IWorldErrors.World_AccessDenied if caller is not owner of the namespace of the resource. @@ -49,6 +76,19 @@ library AccessControl { * @param caller The address of the caller. */ function requireOwner(ResourceId resourceId, address caller) internal view { + if (NamespaceOwner.get(resourceId.getNamespaceId()) != caller) { + revert IWorldErrors.World_AccessDenied(resourceId.toString(), caller); + } + } + + /** + * @notice Check for ownership of the namespace of the given resource ID. + * @dev Reverts with IWorldErrors.World_AccessDenied if caller is not owner of the namespace of the resource. + * @dev This bypasses StoreSwitch and assumes its being called within the Store, saving gas for known call contexts. + * @param resourceId The resource ID to check ownership for. + * @param caller The address of the caller. + */ + function _requireOwner(ResourceId resourceId, address caller) internal view { if (NamespaceOwner._get(resourceId.getNamespaceId()) != caller) { revert IWorldErrors.World_AccessDenied(resourceId.toString(), caller); } @@ -60,6 +100,18 @@ library AccessControl { * @param resourceId The resource ID to check existence for. */ function requireExistence(ResourceId resourceId) internal view { + if (!ResourceIds.getExists(resourceId)) { + revert IWorldErrors.World_ResourceNotFound(resourceId, resourceId.toString()); + } + } + + /** + * @notice Check for existence of the given resource ID. + * @dev Reverts with IWorldErrors.World_ResourceNotFound if the resource does not exist. + * @dev This bypasses StoreSwitch and assumes its being called within the Store, saving gas for known call contexts. + * @param resourceId The resource ID to check existence for. + */ + function _requireExistence(ResourceId resourceId) internal view { if (!ResourceIds._getExists(resourceId)) { revert IWorldErrors.World_ResourceNotFound(resourceId, resourceId.toString()); } diff --git a/packages/world/src/SystemCall.sol b/packages/world/src/SystemCall.sol index a60ffe579e..ac984fe3da 100644 --- a/packages/world/src/SystemCall.sol +++ b/packages/world/src/SystemCall.sol @@ -49,7 +49,7 @@ library SystemCall { if (systemAddress == address(0)) revert IWorldErrors.World_ResourceNotFound(systemId, systemId.toString()); // Allow access if the system is public or the caller has access to the namespace or name - if (!publicAccess) AccessControl.requireAccess(systemId, caller); + if (!publicAccess) AccessControl._requireAccess(systemId, caller); // If the msg.value is non-zero, update the namespace's balance if (value > 0) { diff --git a/packages/world/src/World.sol b/packages/world/src/World.sol index b3e73d1a9b..eb4f9db2d1 100644 --- a/packages/world/src/World.sol +++ b/packages/world/src/World.sol @@ -95,7 +95,7 @@ contract World is StoreKernel, IWorldKernel { * @dev The caller must own the root namespace. */ function installRootModule(IModule module, bytes memory encodedArgs) public prohibitDirectCallback { - AccessControl.requireOwner(ROOT_NAMESPACE_ID, msg.sender); + AccessControl._requireOwner(ROOT_NAMESPACE_ID, msg.sender); _installRootModule(module, encodedArgs); } @@ -142,7 +142,7 @@ contract World is StoreKernel, IWorldKernel { bytes calldata dynamicData ) public virtual prohibitDirectCallback { // Require access to the namespace or name - AccessControl.requireAccess(tableId, msg.sender); + AccessControl._requireAccess(tableId, msg.sender); // Set the record StoreCore.setRecord(tableId, keyTuple, staticData, encodedLengths, dynamicData); @@ -162,7 +162,7 @@ contract World is StoreKernel, IWorldKernel { bytes calldata data ) public virtual prohibitDirectCallback { // Require access to the namespace or name - AccessControl.requireAccess(tableId, msg.sender); + AccessControl._requireAccess(tableId, msg.sender); // Splice the static data StoreCore.spliceStaticData(tableId, keyTuple, start, data); @@ -186,7 +186,7 @@ contract World is StoreKernel, IWorldKernel { bytes calldata data ) public virtual prohibitDirectCallback { // Require access to the namespace or name - AccessControl.requireAccess(tableId, msg.sender); + AccessControl._requireAccess(tableId, msg.sender); // Splice the dynamic data StoreCore.spliceDynamicData(tableId, keyTuple, dynamicFieldIndex, startWithinField, deleteCount, data); @@ -206,7 +206,7 @@ contract World is StoreKernel, IWorldKernel { bytes calldata data ) public virtual prohibitDirectCallback { // Require access to namespace or name - AccessControl.requireAccess(tableId, msg.sender); + AccessControl._requireAccess(tableId, msg.sender); // Set the field StoreCore.setField(tableId, keyTuple, fieldIndex, data); @@ -228,7 +228,7 @@ contract World is StoreKernel, IWorldKernel { FieldLayout fieldLayout ) public virtual prohibitDirectCallback { // Require access to namespace or name - AccessControl.requireAccess(tableId, msg.sender); + AccessControl._requireAccess(tableId, msg.sender); // Set the field StoreCore.setField(tableId, keyTuple, fieldIndex, data, fieldLayout); @@ -251,7 +251,7 @@ contract World is StoreKernel, IWorldKernel { FieldLayout fieldLayout ) public virtual prohibitDirectCallback { // Require access to namespace or name - AccessControl.requireAccess(tableId, msg.sender); + AccessControl._requireAccess(tableId, msg.sender); // Set the field StoreCore.setStaticField(tableId, keyTuple, fieldIndex, data, fieldLayout); @@ -271,7 +271,7 @@ contract World is StoreKernel, IWorldKernel { bytes calldata data ) public virtual prohibitDirectCallback { // Require access to namespace or name - AccessControl.requireAccess(tableId, msg.sender); + AccessControl._requireAccess(tableId, msg.sender); // Set the field StoreCore.setDynamicField(tableId, keyTuple, dynamicFieldIndex, data); @@ -291,7 +291,7 @@ contract World is StoreKernel, IWorldKernel { bytes calldata dataToPush ) public virtual prohibitDirectCallback { // Require access to namespace or name - AccessControl.requireAccess(tableId, msg.sender); + AccessControl._requireAccess(tableId, msg.sender); // Push to the field StoreCore.pushToDynamicField(tableId, keyTuple, dynamicFieldIndex, dataToPush); @@ -311,7 +311,7 @@ contract World is StoreKernel, IWorldKernel { uint256 byteLengthToPop ) public virtual prohibitDirectCallback { // Require access to namespace or name - AccessControl.requireAccess(tableId, msg.sender); + AccessControl._requireAccess(tableId, msg.sender); // Push to the field StoreCore.popFromDynamicField(tableId, keyTuple, dynamicFieldIndex, byteLengthToPop); @@ -325,7 +325,7 @@ contract World is StoreKernel, IWorldKernel { */ function deleteRecord(ResourceId tableId, bytes32[] calldata keyTuple) public virtual prohibitDirectCallback { // Require access to namespace or name - AccessControl.requireAccess(tableId, msg.sender); + AccessControl._requireAccess(tableId, msg.sender); // Delete the record StoreCore.deleteRecord(tableId, keyTuple); diff --git a/packages/world/src/WorldProxy.sol b/packages/world/src/WorldProxy.sol index 2219e59709..6f7a3fb445 100644 --- a/packages/world/src/WorldProxy.sol +++ b/packages/world/src/WorldProxy.sol @@ -48,7 +48,7 @@ contract WorldProxy is Proxy { * @dev Stores a new address in the EIP1967 implementation slot with access control checks. */ function setImplementation(address newImplementation) public { - AccessControl.requireOwner(ROOT_NAMESPACE_ID, msg.sender); + AccessControl._requireOwner(ROOT_NAMESPACE_ID, msg.sender); _setImplementation(newImplementation); } diff --git a/packages/world/src/modules/init/implementations/AccessManagementSystem.sol b/packages/world/src/modules/init/implementations/AccessManagementSystem.sol index 04a897b405..89f254434b 100644 --- a/packages/world/src/modules/init/implementations/AccessManagementSystem.sol +++ b/packages/world/src/modules/init/implementations/AccessManagementSystem.sol @@ -24,10 +24,10 @@ contract AccessManagementSystem is System, LimitedCallContext { */ function grantAccess(ResourceId resourceId, address grantee) public virtual onlyDelegatecall { // Require the resource to exist - AccessControl.requireExistence(resourceId); + AccessControl._requireExistence(resourceId); // Require the caller to own the namespace - AccessControl.requireOwner(resourceId, _msgSender()); + AccessControl._requireOwner(resourceId, _msgSender()); // Grant access to the given resource ResourceAccess._set(resourceId, grantee, true); @@ -41,7 +41,7 @@ contract AccessManagementSystem is System, LimitedCallContext { */ function revokeAccess(ResourceId resourceId, address grantee) public virtual onlyDelegatecall { // Require the caller to own the namespace - AccessControl.requireOwner(resourceId, _msgSender()); + AccessControl._requireOwner(resourceId, _msgSender()); // Revoke access from the given resource ResourceAccess._deleteRecord(resourceId, grantee); @@ -58,10 +58,10 @@ contract AccessManagementSystem is System, LimitedCallContext { requireNamespace(namespaceId); // Require the namespace to exist - AccessControl.requireExistence(namespaceId); + AccessControl._requireExistence(namespaceId); // Require the caller to own the namespace - AccessControl.requireOwner(namespaceId, _msgSender()); + AccessControl._requireOwner(namespaceId, _msgSender()); // Set namespace new owner NamespaceOwner._set(namespaceId, newOwner); @@ -83,10 +83,10 @@ contract AccessManagementSystem is System, LimitedCallContext { requireNamespace(namespaceId); // Require the namespace to exist - AccessControl.requireExistence(namespaceId); + AccessControl._requireExistence(namespaceId); // Require the caller to own the namespace - AccessControl.requireOwner(namespaceId, _msgSender()); + AccessControl._requireOwner(namespaceId, _msgSender()); // Delete namespace owner NamespaceOwner._deleteRecord(namespaceId); diff --git a/packages/world/src/modules/init/implementations/BalanceTransferSystem.sol b/packages/world/src/modules/init/implementations/BalanceTransferSystem.sol index 88fedb3b66..4718a8d2e6 100644 --- a/packages/world/src/modules/init/implementations/BalanceTransferSystem.sol +++ b/packages/world/src/modules/init/implementations/BalanceTransferSystem.sol @@ -41,10 +41,10 @@ contract BalanceTransferSystem is System, IWorldErrors, LimitedCallContext { requireNamespace(toNamespaceId); // Require the namespace to exist - AccessControl.requireExistence(toNamespaceId); + AccessControl._requireExistence(toNamespaceId); // Require caller to have access to the namespace - AccessControl.requireAccess(fromNamespaceId, _msgSender()); + AccessControl._requireAccess(fromNamespaceId, _msgSender()); // Get current namespace balance uint256 balance = Balances._get(fromNamespaceId); @@ -70,7 +70,7 @@ contract BalanceTransferSystem is System, IWorldErrors, LimitedCallContext { uint256 amount ) public virtual onlyDelegatecall { // Require caller to have access to the namespace - AccessControl.requireAccess(fromNamespaceId, _msgSender()); + AccessControl._requireAccess(fromNamespaceId, _msgSender()); // Get current namespace balance uint256 balance = Balances._get(fromNamespaceId); diff --git a/packages/world/src/modules/init/implementations/StoreRegistrationSystem.sol b/packages/world/src/modules/init/implementations/StoreRegistrationSystem.sol index 1b4eb63d50..915ecd4291 100644 --- a/packages/world/src/modules/init/implementations/StoreRegistrationSystem.sol +++ b/packages/world/src/modules/init/implementations/StoreRegistrationSystem.sol @@ -53,10 +53,10 @@ contract StoreRegistrationSystem is System, IWorldErrors, LimitedCallContext { } // Require the table's namespace to exist - AccessControl.requireExistence(tableId.getNamespaceId()); + AccessControl._requireExistence(tableId.getNamespaceId()); // Require the caller to own the table's namespace - AccessControl.requireOwner(tableId, _msgSender()); + AccessControl._requireOwner(tableId, _msgSender()); // Register the table StoreCore.registerTable(tableId, fieldLayout, keySchema, valueSchema, keyNames, fieldNames); @@ -80,10 +80,10 @@ contract StoreRegistrationSystem is System, IWorldErrors, LimitedCallContext { requireInterface(address(hookAddress), type(IStoreHook).interfaceId); // Require the table's namespace to exist - AccessControl.requireExistence(tableId.getNamespaceId()); + AccessControl._requireExistence(tableId.getNamespaceId()); // Require caller to own the namespace - AccessControl.requireOwner(tableId, _msgSender()); + AccessControl._requireOwner(tableId, _msgSender()); // Register the hook StoreCore.registerStoreHook(tableId, hookAddress, enabledHooksBitmap); @@ -97,7 +97,7 @@ contract StoreRegistrationSystem is System, IWorldErrors, LimitedCallContext { */ function unregisterStoreHook(ResourceId tableId, IStoreHook hookAddress) public virtual onlyDelegatecall { // Require caller to own the namespace - AccessControl.requireOwner(tableId, _msgSender()); + AccessControl._requireOwner(tableId, _msgSender()); // Unregister the hook StoreCore.unregisterStoreHook(tableId, hookAddress); diff --git a/packages/world/src/modules/init/implementations/WorldRegistrationSystem.sol b/packages/world/src/modules/init/implementations/WorldRegistrationSystem.sol index bd91822a85..dfa7c586ba 100644 --- a/packages/world/src/modules/init/implementations/WorldRegistrationSystem.sol +++ b/packages/world/src/modules/init/implementations/WorldRegistrationSystem.sol @@ -88,13 +88,13 @@ contract WorldRegistrationSystem is System, IWorldErrors, LimitedCallContext { requireInterface(address(hookAddress), type(ISystemHook).interfaceId); // Require the system to exist - AccessControl.requireExistence(systemId); + AccessControl._requireExistence(systemId); // Require the system's namespace to exist - AccessControl.requireExistence(systemId.getNamespaceId()); + AccessControl._requireExistence(systemId.getNamespaceId()); // Require caller to own the namespace - AccessControl.requireOwner(systemId, _msgSender()); + AccessControl._requireOwner(systemId, _msgSender()); // Register the hook SystemHooks.push(systemId, Hook.unwrap(HookLib.encode(address(hookAddress), enabledHooksBitmap))); @@ -108,7 +108,7 @@ contract WorldRegistrationSystem is System, IWorldErrors, LimitedCallContext { */ function unregisterSystemHook(ResourceId systemId, ISystemHook hookAddress) public virtual onlyDelegatecall { // Require caller to own the namespace - AccessControl.requireOwner(systemId, _msgSender()); + AccessControl._requireOwner(systemId, _msgSender()); // Remove the hook from the list of hooks for this system in the system hooks table HookLib.filterListByAddress(SystemHooks._tableId, systemId, address(hookAddress)); @@ -135,10 +135,10 @@ contract WorldRegistrationSystem is System, IWorldErrors, LimitedCallContext { // Require the system's namespace to exist ResourceId namespaceId = systemId.getNamespaceId(); - AccessControl.requireExistence(namespaceId); + AccessControl._requireExistence(namespaceId); // Require the caller to own the namespace - AccessControl.requireOwner(namespaceId, _msgSender()); + AccessControl._requireOwner(namespaceId, _msgSender()); // Require the provided address to implement the WorldContextConsumer interface requireInterface(address(system), type(IWorldContextConsumer).interfaceId); @@ -196,10 +196,10 @@ contract WorldRegistrationSystem is System, IWorldErrors, LimitedCallContext { } // Require the resource to exist - AccessControl.requireExistence(systemId); + AccessControl._requireExistence(systemId); // Require the caller to own the namespace - AccessControl.requireOwner(systemId, _msgSender()); + AccessControl._requireOwner(systemId, _msgSender()); // Compute global function selector string memory namespaceString = WorldResourceIdLib.toTrimmedString(systemId.getNamespace()); @@ -234,7 +234,7 @@ contract WorldRegistrationSystem is System, IWorldErrors, LimitedCallContext { string memory systemFunctionSignature ) public onlyDelegatecall returns (bytes4 worldFunctionSelector) { // Require the caller to own the root namespace - AccessControl.requireOwner(ROOT_NAMESPACE_ID, _msgSender()); + AccessControl._requireOwner(ROOT_NAMESPACE_ID, _msgSender()); // Compute the function selector from the provided signature worldFunctionSelector = bytes4(keccak256(bytes(worldFunctionSignature))); @@ -299,7 +299,7 @@ contract WorldRegistrationSystem is System, IWorldErrors, LimitedCallContext { } // Require the caller to own the namespace - AccessControl.requireOwner(namespaceId, _msgSender()); + AccessControl._requireOwner(namespaceId, _msgSender()); // Require the delegationControl contract to implement the IDelegationControl interface address delegationControl = Systems._getSystem(delegationControlId); @@ -329,10 +329,10 @@ contract WorldRegistrationSystem is System, IWorldErrors, LimitedCallContext { requireNamespace(namespaceId); // Require the namespace to exist - AccessControl.requireExistence(namespaceId); + AccessControl._requireExistence(namespaceId); // Require the caller to own the namespace - AccessControl.requireOwner(namespaceId, _msgSender()); + AccessControl._requireOwner(namespaceId, _msgSender()); // Delete the delegation control NamespaceDelegationControl.deleteRecord(namespaceId);